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DETAILED ACTION 



1. 



This is in response to the arguments filed on 8 January 2007. 



2. 



Claims 1-72 are pending in the application. 



3. 



Claims 1-72 have been rejected. 



Response to Arguments 



4. Applicant's arguments with respect to claims 1-72 have been considered but are moot in view 
of the new ground(s) of rejection. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 



(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 



5. Claims 1, # 12, 23, 34-36, 47-49 and 60-62 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Wood U.S. Patent No. 6,609,198 Bl. 

As to claims 1,12 and 23, Wood discloses a method of re-authenticating and protecting 
communication security, comprising the steps of: 



a) performing a secondary authentication protocol between a client 
electronic system (client) and a network access point electronic system (AP) using 
a key lease generated by performance of a primary authentication protocol, 
wherein the key lease includes a key lease period for indicating a length of time in 
which the key lease is valid for using the secondary authentication protocol 



Claim Rejections - 35 USC § 102 



A person shall be entitled to a patent unless - 
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instead of the primary protocol [column 15, lines 1-48; column 16, lines 18-56]; 
and 

b) if the secondary authentication protocol is successful, generating a 
session encryption key for encrypting communication traffic between the client 
and the AP [column 16, lines 18-56]. 
As to claims 34, 47 and 60, Wood discloses a method of authenticating a client electronic 
system (client) to allow access to a network, comprising the steps of: 

a) in response to a first request to authenticate, performing a primary 
authentication protocol between the client and a first network access point 
electronic system (first AP) to allow access to a network [column 15, lines 1-48; 
column 16, lines 18-56]; 

b) if the primary authentication protocol is successful, generating a key 
lease, wherein the key lease includes context information and a key lease period 
for indicating a length of time in which the key lease is valid for using a 
secondary authentication protocol instead of the primary authentication protocol 
[column 15, lines 1-48; column 16, lines 18-56]; 

c) transmitting the key lease to the client [column 15, lines 1-48; column 
16, lines 18-56]; and 

d) in response to a second request to authenticate, performing the 
secondary authentication protocol between the client and a second network access 
point electronic system (second AP) using the key lease [column 15, lines 1-48; 
column 16, lines 18-56]. 
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As to claims 35, 48 and 61, Wood discloses the method further comprising the step of: 

e) if the secondary authentication is successful, using the context 
information of the lease key to control access of the client to the network [column 
17, lines 52-64]. 

As to claims 36, 49 and 62, Wood discloses that the context information includes 
information established in the primary authentication protocol [column 17, lines 52-64]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 2-6, 13-17 and 24-28 are rejected under 35 U.S.C. 103(a) as being unpatentable 

over Wood U.S. Patent No. 6,609,198 Bl as applied to claims 1, 12 and 23 above, and 

further in view of Dole U.S. Patent No. 6,628,786 Bl. 

As to claims 2-5, 13-16 and 24-27, Wood discloses transmitting the key lease from the 
client to the AP [column 15, lines 1-48; column 16, lines 18-56]. Wood discloses that the key 
lease includes an encryption key for use in the secondary authentication protocol [column 15, 
lines 1-48; column 16, lines 18-56]. 

Wood does not teach generating a first random number associated with the client and a 
second random number associated with the AP. Wood does not teach transmitting the first 
random number to the AP and the second random number to the client. Wood does not teach 
using the encryption key, the first random number, the second random number, and a hash 
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function to determine the session encryption key. Wood does not teach applying an HMAC- 
MD5 algorithm and the encryption key on a concatenation of the first random number and the 
second random number to determine the session encryption key. Wood does not teach applying 
a HMAC-SHA-1 algorithm and the encryption key on a concatenation of the first random 
number and the second random number to determine the session encryption key. 

Dole teaches generating a first random number associated with the client and a second 
random number associated with the AP [column 6, lines 5-27]. Dole teaches transmitting the 
first random number to the AP and the second random number to the client [column 6, lines 5- 
27]. Dole teaches using the encryption key, the first random number, the second random 
number, and a hash function to determine the session encryption key [column 6, lines 28-36]. 
Dole teaches applying a HMAC-MD5 algorithm and the encryption key on a concatenation of 
the first random number and the second random number to determine the session encryption key 
[column 6 line 50 to column 7 line 2], Dole teaches applying a HMAC-SHA-1 algorithm and the 
encryption key on a concatenation of the first random number and the second random number to 
determine the session encryption key [column 6 line 50 to column 7 line 2]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Wood so that random numbers would have been 
generated at the client and the AP. The client's random number would have been transmitted to 
the AP and the AP's random number would have been transmitted to the client. The two random 
numbers would have been concatenated. A hashing function and an encryption key would have 
been applied to the concatenated random numbers. The concatenated random numbers would 
have been hashed with either a HMAC-MD5 or a HMAC-SHA-1 hashing function. 
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It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Wood by the teaching of Dole because this method 
improves the quality of entropy by allowing machines with no physical source of entropy to 
gather entropy by communicating with other machines and insure that machines that generate 
many random session keys do not run the risk of depleting their local supplies of entropy 
[column 4, lines 45-60], 

As to claims 6, 17 and 28, Wood teaches generating a first session encryption key for 
encrypting communication traffic from the client to the AP [column 5 line 54 to column 6 line 
15]. Wood teaches generating a second session encryption key for encrypting communication 
traffic from the AP to the client [column 15 ? lines 1-48; column 16, lines 18-56]. 
7. Claims 7-11, 18-22 and 29-33 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Wood U.S. Patent No. 6,609,198 Bl and Dole U.S. Patent No. 6,628,786 Bl as applied 
to claims 2, 13 and 24 above, and further in view of Kessler et al U.S. Patent No. 6,789,147 
Bl. 

As to claims 7-11, 18-22 and 29-33, the Wood-Dole combination does not teach using the 
encryption key, the first random number, the second random number, a first media access control 
(MAC) address associated with the client, a second media access control (MAC) address 
associated with the AP, and a hash function to determine the first and second session encryption 
keys. The Wood-Dole combination does not teach applying a HMAC-MD5 algorithm and the 
encryption key on a concatenation of the first random number, the second random number, the 
first media access control (MAC) address associated with the client, and the second media access 
control (MAC) address associated with the AP to determine the first session encryption key. The 
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Wood-Dole combination does not teach applying a HMAC-SHA-1 algorithm and the encryption 
key on a concatenation of the first random number, the second random number, the first media 
access control (MAC) address associated with the client, and the second media access control 
(MAC) address associated with the AP to determine the first session encryption key. The Wood- 
Dole combination does not teach applying a HMAC-MD5 algorithm and the encryption key on a 
concatenation of the first random number, the second random number, the second media access 
control (MAC) address associated with the AP, and the first media access control (MAC) address 
associated with the client to determine the second session encryption key. The Wood-Dole 
combination does not teach the Wood-Dole combination does not teach applying a HMAC-SHA- 
1 algorithm and the encryption key on a concatenation of the first random number, the second 
random number, the second media access control (MAC) address associated with the AP, and the 
first media access control (MAC) address associated with the client to determine the second 
session encryption key. 

Kessler et al teaches using a encryption key, a first random number, a second random 
number, a first media access control (MAC) address associated with the client, a second media 
access control (MAC) address associated with the AP, and a hash function to determine a first 
and second session encryption keys [column 5, lines 18-37]. Kessler et al teaches applying a 
HMAC-MD5 algorithm and a encryption key on a concatenation of a first random number, a 
second random number, a first media access control (MAC) address associated with a client, and 
a second media access control (MAC) address associated with a AP to determine a first session 
encryption key [column 7 line 54 to column 8 line 10]. Kessler et al teaches applying a HMAC- 
SHA-1 algorithm and a encryption key on a concatenation of a first random number, a second 
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random number, a first media access control (MAC) address associated with a client, and a 
second media access control (MAC) address associated with a AP to determine a first session 
encryption key [column 7 line 54 to column 8 line 10]. Kessler et al teaches applying a HMAC- 
MD5 algorithm and a encryption key on a concatenation of a first random number, a second 
random number, a second media access control (MAC) address associated with a AP, and a first 
media access control (MAC) address associated with a client to determine a second session 
encryption key [column 7 line 54 to column 8 line 10]. Kessler et al teaches applying a HMAC- 
SHA-1 algorithm and a encryption key on a concatenation of a first random number, a second 
random number, a second media access control (MAC) address associated with a AP, and a first 
media access control (MAC) address associated with a client to determine a second session 
encryption key [column 7 line 54 to column 8 line 10]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified the Wood-Dole combination so that a encryption 
key, a first random number, a second random number, a first media access control (MAC) 
address associated with the client, a second media access control (MAC) address associated with 
the AP, and a hash function would have been used to determine a first and second session 
encryption keys. The first session encryption key would have been determined by applying 
either a HMAC-MD5 or HMAC-SHA-1 hashing function and a encryption key to the 
concatenation of a first random number, a second random number, a first media access control 
(MAC) address associated with a client, and a second media access control (MAC) address 
associated with a AP. The second session encryption key would have been determined by 
applying either a HMAC-MD5 or HMAC-SHA-1 hashing function and a encryption key to the 
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concatenation of a first random number, a second random number, a first media access control 
(MAC) address associated with a client, and a second media access control (MAC) address 
associated with a AP. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified the Wood-Dole combination by the teaching of Kessler et 
al because it provides a system that does not require a large amount of resources to be consumed 
with establishing secure sessions and it reduces latency and provides enhanced security [column 
2, lines 27-39]. 

8, Claims 37, 50 and 63 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wood U.S. Patent No, 6,363,149 Bl as applied to claims 34, 47 and 60 above, and further in 
view of Kennelly et al U.S. Patent No. 6,754,702 Bl. 

As to claims 37, 50 and 63, Wood does not teach that the context information includes 
accounting information, session timeout information, and filtering information. 

Kennelly et al teaches context information that includes accounting information, session 
timeout information, and filtering information [column 14, lines 36-45]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Wood so that the context information would have 
included account information, session time out information and system filtering information. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Wood by the teaching of Kennelly et al because it helps 
organize which resources of a network device can be allocated between organizations or users 
[column 2, lines 8-14]. 
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9. Claims 38-43, 51-56 and 64-69 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Wood U.S. Patent No. 6,363,149 Bl as applied to claims 34, 47 and 60 above, and 
further in view of Babu et al U.S. Patent No. 6,122,639. 

As to claims 38, 41, 43, 51, 54, 56, 64, 67 and 69, Wood discloses that the key lease 
further includes a first identifier associated with the client [column 15, lines 1-48; column 16, 
lines 18-56]. Wood discloses a first encryption key associated with the primary authentication 
protocol [column 15, lines 1-48; column 16, lines 18-56]. Wood discloses a second encryption 
key for use in the secondary authentication protocol [column 15, lines 1-48; column 16, lines 18- 
56]. Wood discloses a second identifier associated with a particular network access point 
electronic system group of a plurality of network access point electronic system groups [column 
15, lines 1-48; column 16, lines 18-56]. 

Wood does not teach an integrity function data for determining an unauthorized change 
to a first portion of the key lease. 

Babu et al teaches an integrity function data for determining an unauthorized change to a 
first portion of the key lease [column 9 line 61 to column 10 line 5]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Wood so that there would have been means for 
determining unauthorized change to the first portion of the key lease. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Wood by the teaching of Kennelly et al because it ensures 
that a third party did not intercept the keys and modify them [column 4, lines 43-57]. 



0 
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As to claims 39, 52 and 65, Wood teaches that the first portion includes the first 
identifier, the first encryption key, the second encryption key, the key lease period, and the 
context information [column 15, lines 1-48; column 16, lines 18-56]. 

As to claims 40, 53 and 66, Wood teaches that a second portion of the key lease is 
encrypted using a third encryption key [column 15, lines 1-48; column 16, lines 18-56]. 
As to claims 42, 55 and 68, Wood teaches that step b) includes: 

bl) transmitting the first identifier and the key lease to the second AP 
[column 18, lines 27-50]; 

b2) if the second AP is associated with the second identifier of the key 
lease, retrieving the third encryption key corresponding to the second identifier 
[column 18, lines 27-50]; and 

b3) decrypting the second portion of the key lease using the retrieved third 
encryption key [column 18, lines 27-50]. 
10. Claims 44, 57 and 70 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wood U.S. Patent No. 6,363,149 Bl as applied to claims 34, 47 and 60 above, and further in 
view of Kung et al U.S. Patent No. 5,434,918. 

As to claims 44, 57 and 70, Wood does not teach that the secondary authentication 
protocol comprises a mutual challenge-response protocol based on symmetric encryption. 

Kung et al teaches a secondary authentication protocol that comprises a mutual 
challenge-response protocol based on symmetric encryption [column 3, lines 16-29]. 
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Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Wood so that the second authentication protocol 
would have been a mutual challenge-response protocol based on symmetric encryption. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Wood by the teaching of Kung et al because the use of 
mutual authentication that employs symmetric encryption provides for network security and will 
authenticate individual users on client workstations and permit users to authenticate to the AP 
[column 2, lines 19-26]. 

11, Claims 45, 58 and 71 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wood U.S. Patent No. 6,363,149 Bl as applied to claims 34, 47 and 60 above, and further in 
view of Burns et al U.S. Patent No. 6,792,424. 

As to claims 45, 58 and 71 , Wood does not teach that the secondary authentication 
protocol comprises a mutual challenge-response protocol based on a one-way hash function 
message authentication code (HMAC) implementation. 

Burns et al teaches a secondary authentication protocol that comprises a mutual 
challenge-response protocol based on a one-way hash function message authentication code 
(HMAC) implementation [column 6 line 49 to column 7 line 6]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Wood so that that the secondary authentication 
protocol would have been a mutual challenge-response protocol based on a one-way hash 
function message authentication code (HMAC) implementation. 
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It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Wood by the teaching of Burns et al because it ensures the 
correctness of the actions while minimizing computational overhead [column 6 line 49 to column 
7 line 6]. 

12. Claims 46, 59 and 72 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wood U.S. Patent No. 6,363,149 Bl as applied to claims 34, 47 and 60 above, and further in 
view of Burns et al U.S. Patent No. 6,792,424. 

As to claims 46, 59 and 72, Wood does not teach that the secondary authentication 
protocol comprises a mutual challenge-response protocol based on a keyed message 
authentication code implementation. 

Burns et al teaches a secondary authentication protocol that comprises a mutual 
challenge-response protocol based oh a keyed message authentication code implementation 
[column 6 line 49 to column 7 line 6]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Wood so that that the secondary authentication 
protocol would have been a mutual challenge-response protocol based on a keyed message 
authentication code implementation. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Wood by the teaching of Burns et al because it ensures the 
correctness of the actions while minimizing computational overhead [column 6 line 49 to column 
7 line 6]. 
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Conclusion 

13. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Aravind K Moorthy 
April 1,2007 
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